Stay Ahead: Four Security Megatrends Impacting Your Contact Centre

Contents

• Megatrend 1 Generative AI technologies are changing the game
• Megatrend 2 Consumers demand more control over their data
• Megatrend 3 Housing massive amounts of data can pose a security threat
• Megatrend 4 The cloud is now the baseline for better security

Megatrend 1

Generative AI technologies are changing the game

Generative AI is undoubtedly an amazing technology — or emerging class of technologies — and its integration into contact centers heralds a significant transformation for the future of customer experience (CX). Through its capacity to understand, generate and refine text, voice, imagery and even video, it has the potential to empower contact centers with tools that can mimic human interactions, understand customer inquiries and provide accurate, contextually relevant responses. For example, AI chatbots and virtual assistants — powered by sophisticated natural language processing algorithms incorporating Gen AI — can handle a wide range of customer service tasks, from answering frequently asked questions to troubleshooting complex issues.

In short, Gen AI promises to bring unprecedented efficiencies and innovations to the forefront of customer service. However, the rise of every new technology simultaneously introduces new vulnerabilities and security challenges, and we can already anticipate some of the potential vulnerabilities it enables.

Gen AI and emerging cyber threats

Malicious actors can potentially leverage Gen AI to orchestrate more sophisticated cyberattacks. This technology could allow ransomware threats to evolve, pinpointing vulnerabilities with alarming precision and speed. Such AI-assisted capabilities might enable cybercriminals to cause unprecedented disruption, underscoring the urgent need for advanced defensive strategies.

Going phishing with Gen AI

Gen AI could, for instance, elevate spam and phishing attacks to a whole new level of deception. By producing messages that uncannily impersonate legitimate communication, these AI-powered schemes might significantly increase the risk of individuals disclosing sensitive information. This escalation in the sophistication of spam and phishing demands heightened vigilance, employee training and more sophisticated detection methods.

Deepfake dangers in customer interaction

The advent of deepfake technology, powered by Gen AI, introduces the potential for new risks in customer service. Realistic audio and visual impersonations can convincingly replicate the identities of customers or company executives, leading to possible security breaches. This technology not only challenges traditional verification processes but also necessitates the implementation of innovative security measures to safeguard trust and integrity.

Develop a Gen AI aware security strategy

So, what should contact center IT managers do in response to these sophisticated cyber threats? First, adopting (or creating) enterprise-grade secure Gen AI systems is essential for minimizing risks while still leveraging the technology’s benefits for CX. These systems must be designed with advanced security features to detect and neutralize potential threats, ensuring that customer interactions are both innovative and safe. By prioritizing security in the development and deployment of AI tools, contact centers can protect against sophisticated cyber threats without compromising service quality.

Employee training and awareness

Second, comprehensive training programs are crucial for ensuring that employees understand the security threats posed by Gen AI and know how to effectively mitigate them. Such programs should cover the identification of AI-driven phishing attempts; the risks of data poisoning and malicious contamination of in-house LLMs; and strategies for maintaining data integrity. By fostering a culture of security awareness, organizations empower their staff to act as the first line of defense against cyber threats.

Regulatory compliance and ethical standards

As we’ll explore in the next two megatrends, adhering to regulatory requirements and ethical standards in the deployment of AI technologies is paramount for ensuring data privacy and security. This includes compliance with data protection laws, ethical AI use policies and guidelines for the responsible management of AI systems. By committing to these standards, contact centers not only safeguard their operations against legal and reputational risks but also reinforce their commitment to customer trust and safety.

Attacks that can slip below your existing radars

As Gen AI technologies become increasingly integrated into the fabric of contact center operations, the need for robust data privacy and security measures escalates. Advanced security protocols, such as encryption, access controls and relentless monitoring, are imperative to safeguard data against unauthorized breaches.

Imagine a scenario where hundreds of remote contact center employees are targeted by a sophisticated Gen AI-powered phishing attack. This scenario unfolds as the attackers deploy Gen AI algorithms to craft highly convincing phishing emails that are tailored to mimic the exact communication style of trusted contact center managers within the organization. These emails are sent to employees in an attempt to trick them into revealing login credentials that could give unauthorized access to their contact center’s customer database.

The attackers’ use of Gen AI allows these phishing attempts to adapt and evolve, slipping past traditional spam filters and security measures designed for less sophisticated threats.

The emails are so effectively personalized that they raise minimal suspicion among employees, increasing the likelihood of successful data breaches. Indeed, a significant number of the agents believed the emails were legitimate.

Recognizing the severity of the threat, the contact center’s security team quickly implements a countermeasure: an AIdriven security system that can identify and neutralize newer AIgenerated threats. This system uses advanced machine learning models to detect anomalies in email patterns and assess the legitimacy of the content, flagging potential threats before they reach the end user.

To further strengthen their defenses, the contact center enhances its encryption measures and implements stricter multifactor authentication for agents accessing the most sensitive systems and data. These steps are crucial for protecting against the increasingly sophisticated landscape of cyber threats, ensuring the contact center can maintain the trust and security of its customer interactions in the digital age.

Navigating the future of Gen AI

Anticipating evolving threats

The rapidly advancing threat of cyberattacks powered by Gen AI requires ongoing vigilance and the development of adaptive security strategies. As Gen AI technologies evolve, so do the methods used by malicious actors, making it imperative for organizations to stay ahead through continuous monitoring, threat intelligence and predictive analytics.

Balancing innovation with security

Contact centers must find a delicate balance between harnessing Gen AI for operational efficiency and innovation and implementing robust security measures to protect against vulnerabilities. This balance involves integrating security into the AI development process, ensuring that any innovations enhance one’s security posture rather than exposing it to potential exploits.

Collaboration and industry standards

The role of industry collaboration and the development of standards is crucial in creating a secure ecosystem for Gen AI in contact centers. By working together, organizations can share best practices, develop common security frameworks and ensure that AI technologies are used responsibly and safely, safeguarding against potential threats while enjoying the fruits of a powerful new form of innovation.

Megatrend 2

Consumers demand more control over their data

In recent years, with compliance measures around the globe evolving to address the sophisticated data mining tactics of online advertising technologies, the struggle between consumer data and privacy has swung firmly in favor of the consumer.

And consumer data protection concerns only continue to grow with the emergence of Gen AI and its potential use by organizations to create ever more personalized customer experiences. While using consumer data unethically, or without explicit consent, may not pose an obvious contact center security risk in terms of a technical vulnerability, a legal vulnerability could, of course, sink your organization even faster than a cyberattack.

Prioritize data privacy and protection

Given the long and very public history of massive data leaks, it isn’t surprising that data privacy remains one of the most important social and ethical concerns for consumers and businesses worldwide.

A US consumer survey published by Genesys in 2024 found that anxiety about data remains high: 79% of consumers want the option to have their data deleted once a customer service issue is resolved, and only 41% trust brands to use their data and related information responsibly.

Despite this anxiety, 44% of consumers say they do prefer that organizations retain their personal data to make future interactions more efficient, while 40% prefer that their data be retained to enhance personalization — with millennials, on both counts, being more willing than any other generational cohort (including Gen Z) for their information to be used for such purposes.

Consumers are still willing to share their data — particularly with human agents (58%) over bots (7%) — but it’s with the expectation that it’ll be kept secure and used to improve their customer experiences.

Exchange experience for data

Consumers’ expectations for personalized experiences, influenced by the customization they’ve grown to expect from services like Netflix and Spotify, come with a strong demand for privacy and data security. As contact centers use an expanding range of AI technologies for enhanced personalization, the ethical implications of data usage emerge as a key consideration for any CX strategy.

Transparent policies on how consumer data is used, particularly in AI-driven enhancements, are essential. Companies must ensure that the exchange of data for improved experiences is 10 conducted responsibly, with consumer consent and privacy at the forefront. And while only 40% of US consumers “prefer” their data be used for personalization, an additional 27% don’t mind it being used if it will be protected and used responsibly — making enhanced personalization a clear consumer expectation, if not a mandate.

And organizations are listening. According to our 2023 “State of Customer Experience” report, using data and AI for greater customer understanding and personalization is one of the top strategic priorities among CX leaders worldwide.

Earn trust through transparency

There’s a paradox: Consumers are very concerned about data privacy, but they also want personalized experiences. This calls for a steadfast dedication to transparency. Organizations must clearly communicate their AI-driven data practices, making consumers a part of the decision-making process regarding their data. This involves being upfront about the role of consumer data in training AI models, including those used in speech analytics and predictive engagement, and detailing the protections against misuse.

By clarifying the details of their AI operations, prioritizing consumer privacy and anonymizing data, companies can strengthen trust and adeptly navigate the complex landscape of consumer expectations and regulatory demands. And they’ll also reap the benefits of the diverse AI applications available to modern contact centers.

Megatrend 3

Housing massive amounts of data can pose a security threat

Although they’re aimed at enriching customer interactions, an array of AI technologies employing customer data — including Gen AI, speech analytics, customer journey management, predictive routing and predictive engagement — may inadvertently introduce unprecedented data security gaps.

Some of these novel vulnerabilities have to do with the sheer volume of information being collected and used. As a contact center adopts new technologies to streamline operations and improve customer relationships at a wider array of touchpoints, it produces exponentially more data. This is great to power AI, develop insights and further refine customer experience strategies. However, increasing amounts of customer data pose a logistical and security threat to both businesses and customers. Strategies are necessary to capture this growth and store data securely.

Prepare your data infrastructure

Customer interaction recordings, whether they’re screen, chat or voice, offer contact centers a wealth of benefits. They provide companies with training material and deliver more granular data to power omnichannel experiences — and that creates better customer experiences. Contact centers can also leverage quality evaluation tools to track compliance and keep an audit trail that demonstrates — to regulators and customers — how your company follows information collection procedures.

These recordings are robust tools that generate volumes of valuable data and insights that need to be stored in a consistently secure and compliant way — or not stored at all in certain cases. To take advantage of all the benefits of new technology like AItranscribed interaction recordings and predictive analytics, call centers must be prepared with the right IT infrastructure in place. And companies must be aware of regulations regarding data storage, especially if they operate in Europe and must follow GDPR

Layer your security

Given the sophistication of traditional and emerging AI-driven cyberattacks, companies can’t assume one methodology will solve all security problems. The key is to secure all your data — not just your network.

To minimize the impact of a potential data breach, part of building the right IT infrastructure is to integrate security at various layers. This includes:

• Encrypting data at rest and in motion
• Instituting company-wide, role-based access rules according to job function
• Integrating multi-factor authentication and a strict password management system
• Keeping abreast of your industry’s compliance standards and ensuring you have the tools to meet them

Weigh your options

Managing the storage of huge tracts of important business data will become part of every company’s future security posture. And it’s a major consideration for contact centers as they embrace more digital channels and new implementations of AI automation.

With the amount of data most organizations have access to, there’s game-changing potential to enhance everything from training to bottom lines. But how you anonymize the data and store it safely makes the difference in the long term.

Regulations like Europe’s GDPR dictate how long data can be stored and how it should be removed. At the outset, deciding on how long you store data and how you dispose of it will save you security and storage headaches down the road. Also, many cloud service providers provide elevated security layers like encryption at rest and in motion.

Megatrend 4

The cloud is now the baseline for better security

With its reliable and consistently proven benefits, cloud technology has become integral to modern business operations. As companies increasingly migrate their operations to the cloud — including contact center technologies like Gen AI bots, speech analytics, customer journey management, predictive routing and predictive engagement — the imperative for robust cloud security becomes paramount.

Data can be more secure in the cloud than in a data center — if handled properly. With their reputation and bottom lines at stake, cloud service providers cannot afford the slightest lapse in security. Often, they have their own dedicated security specialty teams that few organizations can match or afford.

Implement cloud security best practices

Cloud services, versatile in their applications from data storage to IT infrastructure, enable businesses to operate more efficiently and cost-effectively. However, securing data within these cloud environments, especially when it involves consumer data processed by AI technologies, remains a critical responsibility of the cloud customer. Here are essential practices to ensure data security:

• Apply data protection policies: Determine the policies that govern the storage and processing of data, including sensitive consumer information used by AI for enhancing customer experiences.
• Implement encryption (with your own keys): Encrypting your data at rest and in motion is standard and can be done by cloud services, but make sure you use your own encryption keys.
• Train staff: Train employees on how to recognize security threats and initially respond to them, including the perennial importance of strong password practices.
• Limit data sharing: Establish which users, groups and roles are granted internal and external access to data, under which circumstances, and across which devices and cloud services.
• Control unmanaged devices: Block access to your cloud services from unmanaged devices (e.g., personal phones) or control it by requiring security verifications before access.
• Secure your user endpoints: You must protect all network endpoints used to access the cloud, including end-user devices such as laptops, mobile phones and desktops.
• Conduct audits and penetration testing: Whether you’re relying on an outside security firm or an internal team, run intermittent security audits and penetration tests to assess current cloud security levels.

Screen cloud vendors for security

It’s imperative for businesses to only partner with third-party cloud vendors who can be trusted to consistently deliver the best and latest in security protocols that conform to industry and regulatory standards. These security measures are essential for contact centers leveraging cloud-based AI technologies to enhance customer and employee experiences. A trusted cloud provider will hold a range of security certifications — and they need to make this information publicly available.

To guarantee your cloud service vendors meet your stringent security standards, we’ve developed a series of questions you can ask based on four major security pillars:

Security pillar questions

Compliance

Your third-party vendors are an extension of your business, so it’s essential they — as well as their partners — meet the same stringent regulatory and compliance standards.

• Does your cloud solution comply with all necessary audits and certifications?
• Can customers audit the cloud solution?
• How does your cloud solution provide tools to manage TCPA compliance and Do Not Call lists?
• Does your cloud solution meet GDPR?
• Does your cloud solution comply with Payment Card Industry Data Security Standards?

Data protection

Data breaches put companies at risk of losing both public trust and revenue; protecting that data is essential. IBM research found the total average cost of a data breach increased 15% year-over-year in 2023 to an average of $4.45 million and says that organizations that use AI-powered security and automation extensively can save an average of $1.76 million compared to organizations that don’t.

• Does your cloud solution provide enterprise-grade security?
• Does the cloud data center have adequate monitoring and processes to address excessive, suspicious or unauthorized attempts to access?
• Is customer data, including sensitive data, encrypted while at rest and in transit?
• Does your cloud solution use web application firewall products to protect against application-layer attacks? If so, do you have documented configuration controls?

Security pillar questions

Information security

Regardless of size, all vendors should understand the global network design and where any points of vulnerability might exist. They also should have strict policies that protect against both internal and external threats. And vendors must consistently and systematically test and review their code using various tools and vulnerability assessments.

• Do you understand the global network design and where any points of vulnerability exist?
• Does a third-party company perform intrusion tests on your cloud solution? If so, how often?
• How does your cloud solution protect against malicious internal data threats?
• How does your cloud solution protect against Distributed Denial of Service attacks? Does it use Amazon Web Services Shield and load balancers?

Business continuity

After a disruptive incident, returning to normal operations depends on accessing cloud data and services. Vendors must demonstrate how they would first address any disruptions and then seamlessly pick up from where operations dropped off.

• What strategy does your cloud-based contact center use for high availability?
• What’s the cloud solution’s business continuity plan?
• Does your cloud solution have an additional charge for geo-redundancy?
• Is your cloud architecture designed with inherent georedundancy with at least three data centers configured with active-active-active resiliency?
• Does your solution provide autoscaling to handle substantial increases in demand?

To the cloud — and beyond

These four megatrends are already changing how businesses operate, particularly in how they adapt to AI technologies. Too often, however, companies don’t have the financial or human resources to meet even basic security standards with their on-premises computing solutions.

Companies that neglect security, especially in the context of AI and cloud integration, will see their customers look to others to provide it. And if outpaced by technology, a deteriorating security posture can lead to costly data breaches.

To tackle these challenges, contact centers must form strong partnerships with cloud providers that have the resources and technological know-how to offer digital solutions that meet higher security standards and leverage the power of data for better AI-driven customer and employee experiences.

And a strong partnership means you’ll always have stability in a shifting security landscape: a secure cloud infrastructure, data encryption at rest and in motion, full regulatory compliance, transparency in data processing and intentions, and an unwavering commitment to data privacy.